Global industrial connectivity supplier Moxa, distributed in Australia by Madison Technologies, reveals tips when using software to perform configurations to ensure industrial network security.
A Systematic Approach
The use of a systematic and automatic approach to implementing configurations is essential to ensure uniformity and, more importantly, a consistent and reliable repeatability of the configurations. This approach aims to reduce the amount of tasks that humans have to perform manually during the process, as the human factor is considered a major cause of cyber-incidents, regardless of whether they were intentional or not.
Further compounding this problem is the fact that vulnerabilities caused by human error are difficult to detect. This is because the detection often relies on the audit process that a company has implemented, which may not be 100% reliable. Last, those who perform the configurations may falsely believe that they have made the proper implementations, which in turn leaves the networks vulnerable.
It is important to give attention to not only the methodologies themselves, i.e., ‘What to implement’, but also to the way in which they are implemented, ‘The how’. By taking a systematic and automatic approach to implement the configurations, these risks can be considerably reduced, increasing the reliability and security of the networks.
Software can be one of the “how” options that allows you to successfully implement security procedures. Even the most experienced engineer cannot memorise all the configurations needed for these security procedures. Another issue that further compounds the problem is when companies want to manage the configurations and keep them consistent throughout the network life cycle. Below are three tips when using software to perform configurations.
1. Developing Checklists for Implementing Security Measures
Before your engineers start performing configurations, it is essential to provide them with clear guidelines by compiling a checklist based on your companies’ security policies. According to the IEC 62443 standard, you need to consider five stages (Figure 1). For instance, it is highly recommended to enable username and password protection to verify user identification when logging into devices, despite the temptation to not have security measures as it is much easier and quicker to access devices without password protection.
2. Using Images Rather Than Lists
One of the most efficient ways to support the security checking process without compromising user judgment is to use graphical representations rather than lists to identify equipment on networks. Images are processed faster and are easier to recognise by the human brain. Therefore, using graphical representations helps quicken the identification of the security settings of each device, as shown in Figure 2.
3. Using Colours
The final point that we will consider is colour differentiation to highlight different levels of security. The human brain can easily recognise different colour tones (Engel S, Zhang X, Wandell B, 1997), which means that different colours can be used to offer the user a quick identification of the security status of each device and inform them of possible actions that have to be taken.
In conclusion, systematic and automatic methods are more reliable than repetitive and manual processes performed by humans. It is essential that all existing cybersecurity features are suitable for the individual needs of each system and are implemented correctly. Taking a systematic approach may assist you to deal with complex security configurations, while at the same time reducing human error.
Moxa’s MXview network management software provides you with a holistic view of the security status of your networking devices and MXconfig configuration software allows you to mass configure the security parameters to ramp up your network security.
To learn more about how to get full visibility for your industrial network, visit www.madison.tech/mxview-network-management or phone 1800 72 79 79 to speak with Madison Technologies’ Customer Connect team.